Privacy Policy

Effective: 25 April 2026

Who we are

redactcv is a software service operated from Australia. We help recruitment agencies anonymise candidate CVs so that clients cannot reverse-search candidates and contact them directly.

Contact: privacy@redactcv.com

What data we collect

We collect only what is necessary to provide the service:

  • Account data — name, email address, and authentication credentials managed via Clerk.
  • CV files — PDF documents you upload for anonymisation. These are processed in memory and are not stored on our servers after processing completes.
  • Usage data — number of CVs processed per billing period, used to enforce plan limits.
  • Billing data — payment information is collected and stored by Stripe. We do not hold your card details.
  • Audit logs — on enterprise plans only, a log of anonymisation actions is stored in our database for compliance purposes.
  • Technical data — standard server logs (IP address, request timestamps) retained for security purposes.

How we use your data

  • To provide, operate, and improve the redactcv service
  • To enforce plan limits and process billing
  • To respond to support requests
  • To detect and prevent abuse or security incidents
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising. We do not train AI models on your CV content.

AI processing

CV anonymisation is performed using large language models provided by Anthropic (Claude) and Google (Gemini). CV content is transmitted to these providers solely for the purpose of processing your request.

Both providers operate under enterprise data processing agreements. Neither provider uses your data to train their models when accessed via API.

CV content is not retained by us after processing. It may be briefly cached by the AI provider during the API call in accordance with their privacy policies.

Data residency

redactcv is hosted on Vercel infrastructure, with servers located in the United States (Washington D.C.). Authentication is handled by Clerk, with data stored in the US. Audit log data (enterprise plans) is stored in Supabase.

We serve customers globally. By using redactcv, you acknowledge that your data may be processed outside your country of residence.

Where required by GDPR, appropriate transfer mechanisms (Standard Contractual Clauses) are in place with our sub-processors.

Third-party sub-processors

Provider    Purpose                            Location
Clerk       Authentication & user management   US
Stripe      Payment processing                 US
Anthropic   AI — CV anonymisation              US
Google      AI — CV anonymisation              US
Vercel      Hosting & deployment               US
Supabase    Audit logs (enterprise only)       US

Data retention

  • CV files — not retained. Processed in memory and discarded immediately after the API response is sent.
  • Account data — retained for the duration of your account. Deleted within 30 days of account closure on request.
  • Audit logs — retained for 12 months (enterprise plans). Configurable on request.
  • Billing records — retained as required by law (typically 7 years for financial records).

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Request a portable copy of your data
  • Object to or restrict certain processing
  • Lodge a complaint with a supervisory authority (ICO in the UK; OAIC in Australia)

To exercise any of these rights, email privacy@redactcv.com. We will respond within 30 days.

Cookies

redactcv uses only functional cookies necessary for authentication (set by Clerk). We do not use advertising cookies, tracking cookies, or third-party analytics.

Security

We implement industry-standard security measures including TLS encryption in transit, access controls, and regular dependency auditing. To report a security vulnerability, see security.txt or email security@redactcv.com.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated to registered users via email at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance of the updated policy.

Contact

For any privacy-related enquiries:

privacy@redactcv.com